Passing application context from IdP back to SP
Cantor, Scott
cantor.2 at osu.edu
Tue Nov 27 20:29:36 EST 2012
On 11/27/12 8:18 PM, "Andrei Remenchuk" <andrei144 at gmail.com> wrote:
>I have managed to make it work by overriding handlerURL in application
>overrides:
That is the only way overrides based on path will ever work. It's the
entire basis of the mechanism. Every application MUST have unique, mapped
endpoints, full stop, no exceptions.
>This works and does what I am trying to achieve, however that requires me
>to declare these handlers in SP metadata as separate
>AssertionConsumerService entries, in addition to default consumer service:
Yes.
>The problem is that we want to provision organizational entries
>dynamically and give all different IdPs single fixed metadata for our
>SP, ideally without any organization-specific details built into it and
>without hard-coding any paths. We don't want to deal with virtual hosts
>either. Is that even possible?
No.
>Are there any ways to cleanly share single common
>AssertionConsumerService between different applications and preserve
>application context ?
Absolutely not. The main point of using separate applications is to
isolate session context and cookie policy, which means by definition the
handler has to be able to set a cookie that can be read by the resources.
-- Scott
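
Added example, not part of the original message and not Shibboleth project code: a small check that every application in an SP configuration has its own handlerURL and that each resulting AssertionConsumerService URL is published in the SP metadata. The sample XML, the host name, the application ids, the `audit` function, relative handler URLs, the `/SAML2/POST` endpoint path and the fallback of an override to the default handlerURL are all assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

CONF = "{urn:mace:shibboleth:2.0:native:sp:config}"
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ACS_PATH = "/SAML2/POST"  # assumed HTTP-POST endpoint path under each handler

# Constructed sample: a default application plus two overrides, one of which
# sets no handlerURL of its own and so ends up on the default handler.
SP_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions handlerURL="/Shibboleth.sso"/>
    <ApplicationOverride id="org1">
      <Sessions handlerURL="/org1/Shibboleth.sso"/>
    </ApplicationOverride>
    <ApplicationOverride id="org2"/>
  </ApplicationDefaults>
</SPConfig>"""

# Constructed sample metadata: only the default consumer service is declared.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def audit(config_xml, metadata_xml, base_url):
    """Return (handler URLs shared by several applications, ACS URLs missing from metadata)."""
    defaults = ET.fromstring(config_xml).find(CONF + "ApplicationDefaults")
    default_handler = defaults.find(CONF + "Sessions").get("handlerURL")
    handlers = {"default": default_handler}
    for app in defaults.findall(CONF + "ApplicationOverride"):
        sessions = app.find(CONF + "Sessions")
        # Assumption: an override without its own handlerURL uses the default one.
        own = sessions.get("handlerURL") if sessions is not None else None
        handlers[app.get("id")] = own or default_handler
    by_handler = {}
    for app_id, handler in handlers.items():
        by_handler.setdefault(handler, []).append(app_id)
    shared = {h: ids for h, ids in by_handler.items() if len(ids) > 1}
    published = {e.get("Location")
                 for e in ET.fromstring(metadata_xml).iter(MD + "AssertionConsumerService")}
    expected = [base_url + h + ACS_PATH for h in by_handler]
    missing = sorted(url for url in expected if url not in published)
    return shared, missing

if __name__ == "__main__":
    print(audit(SP_CONFIG, SP_METADATA, "https://sp.example.org"))
```

On the constructed sample, `org2` is reported as sharing the default handler, and the `org1` consumer service URL is reported as absent from the metadata.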